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Abstract (Basic) : 

. . . The system for virus analysis automatically replicates 

infected files . A suspected virus file is loaded into a test 
application, e.g. wordprocessor . Using message passing or/and a 
scripting system, the control system sends commands and simulated 
keystrokes to the application. The system determines if this 
creates new files containing the virus . Depending on whether or not 
the virus is polymorphic, differing numbers of samples are generated. 

. . . Automatic computer virus sample generation. . . 

. . .Reduces the effort needed to create virus copies including 

automatically deciding how many replications are needed for analysis... 



.The figure shows a logic flow diagram of a global macro 
replication process in accordance with the invention. . . 
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Title: Static analysis virus detection tools for UNIX systems 

Abstract: The paper proposes two heuristic tools for detecting viruses 
in a UNIX environment. The tools would be used to detect infected 
programs prior to their installation. The tools use static analysis and 
verification techniques . One tool, the detector , searches for 
duplication of operating system calls. A program compiled and linked 
from source code (such as C) makes calls to standard library routines for 
operating system services; relevant to detecting viruses are calls on 
files services, such as open and write. Such object code will contain 
only one instance of the standard library subroutine for each type of 
service requested by the program . A virus would most likely carry along 
its own system calls, hence an infected program would have duplicate 
calls to the file service and is easily caught by the detector. The 
second tool, the filter, uses static analysis to determine all of the files 
which a program is capable of writing to. By knowing what files a 
program can and cannot write, one can decide whether or not that program 
is suspicious. The paper discusses the features and shortcomings of both 
tools and gives some implementation details related to the detection of 
UNIX viruses . In order to defeat these tools, a virus would have to be 
quite complex and, if successful in avoiding detection by these tools, 
accept limited propagation. The tools are also useful for detecting more 
general malicious code , such as Trojan Horses. 
...Descriptors: utility programs 
Identifiers: virus detection tools... 
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Conference Date: 20-25 Aug. 1995 Conference Location: Montreal, Que., 
Canada 

Language: English 
Subfile: C 
Copyright 1997, lEE 

Title: Biologically inspired defenses against computer viruses 
Abstract: Today's anti- virus technology, based largely on analysis of 
existing viruses by human experts, is just barely able to keep pace with 
the more than three new computer viruses that are written daily. In a few 
years, intelligent agents navigating through highly connected networks are 
likely to form an extremely fertile medium for a new breed of viruses . At 
IBM, we are developing novel, biologically inspired anti- virus techniques 
designed to thwart both today's and tomorrow's viruses . We describe two 
of these: a neural network virus detector that learns to discriminate 
between infected and uninfected programs , and a computer immune system 

that identifies new viruses , analyzes them automatically, and uses 
the results of its analysis to detect and remove all copies of the 

virus that are present in the system. The neural-net technology has been 
incorporated into IBM's commercial anti- virus product; the computer 
immune system is in prototype. 
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1987447 NTIS Accession Number: PB97-852446 

Computer Viruses : Identification , Mode of Infection, and 
Protection. (Latest citations from the INSPEC Database) 

(Published Search) 
NERAC, Inc., Tolland, CT . 
Corp. Source Codes: 103588000 

Sponsor: National Technical Information Service, Springfield, VA. 
Dec 96 50-250 citations 

Languages: English Document Type: Bibliography 
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Updated with each order. Supersedes PB96-851217. Sponsored in part by 
National Technical Information Service, Springfield, VA. 

Order this product from NTIS by: phone at 1-800-553-NTIS (U.S. 
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email at orders(3ntis . f edworld . gov . NTIS is located at 5285 Port Royal Road, 
Springfield, VA, 22161, USA. 

NTIS Prices: PC NOl/MF NOl 

Computer Viruses : Identification , Mode of Infection, and 
Protection. (Latest citations from the INSPEC Database) 

The bibliography contains citations concerning computer viruses . These 
small, secretly introduced programs can destroy data or hardware, 
although most to date have inserted humorous or annoying messages on 
existing programs . Bulletin boards, online systems, shared software , 

local area networks, and dealer-demonstrated software are among the 

potential sources of virus infections discussed. Topics include internal 

virus protection programs , security systems, and virus protection 

software . Legal liability for virus introduction is examined . Ridding 
a computer system of a known virus is briefly considered. Methods of 

virus identification and specific computer viruses are 

examined. (Contains 50-250 citations and includes a subject term index and 
title list.) ( Copyright NERAC, Inc. 1995) 
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REVISION DATE: 20030930 

PRODUCT NAMES: Viruses & Worms ( 

TITLE: Melissa Virus Portends Bigger Security Risks 

Another e-mail virus has been discovered that uses Microsoft Office 
macros to first infect a Word default document template, then each 
ensuing Word document created from the default template. Called Melissa, 
the virus also spreads to a user^s Microsoft Outlook e-mail program and 
automatically sends itself as a legitimate Word file attachment to the 
first 50 address book contacts. Melissa then spreads itself into the 
e-mail recipient's hard drive when the user opens the Word attachment, in 
order to replicate itself further. Though Melissa incurs a minimum amount 
of damage compared to many other viruses , the fact it can so easily 
infect millions of e-mail users around the world has analysts worried 
about future viruses that may be less playful. Even more disturbing is 
that the Melissa virus code takes up less than a page of code. Melissa's 
simplicity could thus encourage other more violent hackers to create more 
destructive viruses . 
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Title: Global behaviour of computer virus diffusion and extinction 

Abstract: We analyze both in theory and by simulation the spread of 
computer viruses in a network composed of personal computers, and show 
there is the relation between virus diffusion and graphic properties of a 
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Abstract: First, virus detection and removal methods which 
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